: Preferred Analysis for Documents or Executables
Focus
Focus

Preferred Analysis for Documents or Executables

Table of Contents

Preferred Analysis for Documents or Executables

A single virtual machine (VM) image runs on the WildFire appliance; when you Upgrade the WildFire Appliance Software, you can choose for the WildFire appliance to use the VM image that most reflects your network environment. Each available VM image represents a single operating system and supports several different analysis environments based on that operating system. You can now dedicate all analysis environments to support certain file types: either documents (Microsoft Office files and PDFs) or portable executables (PEs). This feature is helpful if you are using the WildFire appliance to analyze specific file types; for example, if you’ve deployed a WildFire hybrid cloud to analyze documents locally and PEs in the WildFire global cloud. In this case, you could dedicate all analysis environments to documents. Previously, analysis environments were statically allocated and the resources available for document and executable analysis were evenly divided; you could not adjust the allocation of analysis resources even when the WildFire appliance was configured to analyze only one type of file.
  1. Confirm that the firewall is configured to forward only the file type to which you want to dedicate WildFire analysis environments.
    1. In the firewall web interface, select ObjectsSecurity ProfilesWildFire Analysis.
    2. Confirm that the WildFire Analysis profile set to forward files to the WildFire private cloud for analysis is configured to forward documents or executables.
    3. Select PoliciesSecurity and confirm that the WildFire Analysis profile is attached to a security policy rule. Traffic the rule allows is forwarded to the WildFire appliance for private cloud analysis based on the WildFire Analysis profile settings.
  2. Allocate WildFire appliance resources to analyze either documents or executables.
    Use the following CLI command:
    admin@WF-500# set deviceconfig setting wildfire preferred-analysis-environment documents | executables | default
    and choose from one of the following options:
    • documents—Dedicate analysis resources to concurrently analyze 25 documents, 1 PE, and 2 email links.
    • executables—Dedicate analysis resources to concurrently analyze 25 PEs, 1 documents, and 2 email links.
    • default—The appliance concurrently analyzes 16 documents, 10 portable executables (PE), and 2 email links.
  3. Confirm that all WildFire appliances processes are running.
    admin@WF-500> show system software status